Security and trust are seen as the most important issues in electronic voting systems. Therefore, it is necessary to use cryptographic procedures to ensure anonymity, security, privacy, and reliability in these systems. In recent years, blockchain has become one of the most commonly used methods for securing data storage and transmission through decentralized applications. E-voting is one of these application areas. However, data manipulation is still seen as a major potential problem in e-voting systems. In the proposed model, administrators or miners are prevented from previewing election results, which are normally accessible data due to the blockchain structure. A double-layer encryption model is proposed and tested to prevent manipulations that may occur with the election results. It is ensured that the election results can be counted after the participation of all stakeholders at the end. In this way, potential manipulations may be prevented during the election period. As a result of the model, the privacy of voters is ensured, no central authority is needed, and the recorded votes are kept in a distributed structure.


1. Introduction 


A fair election is desired by everyone. Frequently, there are doubts in the minds of voters related to the voting procedures, counting processes, and the announcement of results [1-3]. Election systems have evolved depending on the needs and developments of the time during which they were developed. Technological developments offer possible innovations to every field; likewise, it is thought that digitalization mechanisms added to voting systems can minimize human errors [4]. But, unlike paper-based electoral systems, problems such as system failure, network security, and information security may arise with an electronic voting system.

One of the most important issues in e-voting systems is the security weaknesses caused by people inside or outside who are authorized to access the system. A decentralized design and cryptographic data storage security approach may have the potential for solving these problems. Normally, cryptography is mainly used to encrypt information such as voter data, votes, and voting results before data are stored on the server. Therefore, the system can ensure the authenticity and security of the voting information [5]. In this context, various additional features and solutions have been proposed to be integrated into election systems. Development work is still ongoing. Different types of improvements to e-voting have been made to provide easy election organization, easy participation, and low cost. Accordingly, various enabling technologies have been adapted, ranging from biometric authentication to remote voting [6, 7], kiosk systems [8], and mobile voting systems [9]. Nowadays, the security and privacy of blockchain platforms have attracted great attention. Recently, blockchain-based voting systems have been proposed [10-13]. However, it is stated that such systems still have trust problems. Abuidris et al. [14] and Ghosh et al. [15] state the risks and vulnerabilities of blockchain applications. In e-voting systems, guaranteeing the security of the votes is seen as one of the most important problems. An attacker can copy and decipher passwords if he has sufficient computational power or when the encryption algorithm is proven unsafe. Therefore, the e-voting system's ability to secure data and defend against potential attacks has always been viewed with suspicion.

On the other hand, due to its privacy features, homomorphic encryption has been used in other studies [16-20]. Operations such as adding and multiplying on a message encrypted with homomorphic encryption can be done using the Paillier algorithm [20]. However, the proposed structures should be carefully examined. Although homomorphic encryption is generally agreed to be secure, weaknesses have also been identified, for example, in the scheme proposed by Li et al. [12] in the analyses conducted by Wang et al. and Qu et al. [21-23]. Fontaine and Galand [24] argue that in general the proposed schemes are not very suitable for every use and their properties should be carefully studied. As e-voting systems contain a vital sequence of processes, the applications should be inspected with care.

In addition, blockchain technology, its infrastructures, and its security properties may solve certain of the security issues identified, and it is emphasized that more studies are needed to adapt and enrich these features to develop the desired e-voting systems [25, 26]. It is also known that, although the blockchain includes many security measures, attackers can still, for example, leak information by analyzing network traffic and transaction information [27].

Alongside these limitations related to the application of blockchain to e-voting, the most important problem in election systems can be seen as the manipulation of election results or the emergence of a situation that may affect the result. Where the election results are close, there may be situations in which a small difference affects the result. It is also known that such disputes arise as a result of many elections. One of the most critical issues that can affect the outcome is the risk of results being foreseen by the leading candidate in the constituency. It has been determined that such information can be leaked during the election as a result of storing votes in a central place or being held by malicious people, even in a distributed structure.

Preliminary or foreseen results could affect the decisions of other voters. Therefore, it is critical to prevent disclosure of any results during the election period. The main contribution of this work is the following: we proposed a model for e-voting systems that can ultimately combine the security layer of the paper-based system with the security layers of the voting system. As a part of this undertaking, we proposed a model that eliminates data privacy and data reversibility problems that arose during the election.

The general focus was on prevention of data breaches during the election period and on proposing requirements for a suitable decentralized blockchain-based electronic voting system. The particular objective of the project was to develop an e-voting system using double-layer encryption that prevents the occurrence of situations that could impact the voter's decision. The system requirements have been defined, and a performance evaluation was made in the application scenario of the designed system. In the proposed system, the votes are encrypted first, and, secondly, the encrypted votes are divided into pieces and distributed to the nodes. In this way, the data that is open in the blockchain system alone becomes meaningless. To obtain the election results, a certain number of nodes come together to make the data meaningful and then can declare the results. As the results of the proposed model, the privacy of voters was ensured, while it was ensured that there was no central authority, and the recorded votes were kept in a distributed structure. It was guaranteed that the stored data cannot be predicted during the voting, and only the election results could be obtained after the participation of all stakeholders. As a result of the encryption and distribution algorithm together, the time to distribute the data increases according to the number of nodes to be connected.

The rest of this paper is organized as follows. Section 
2 provides the literature on e-voting and threats. Section 
3 provides a description of the blockchain concepts and 
the e-voting systems based on blockchain. Section 4 
describes the system implemented, encryption methods, 
and analysis of the implementation. The last section 
provides the concluding remarks and outlines future 
work. 


2. Literature on E-Voting and Threats 


Advances in information technology are also affecting election processes and methods. Researchers are working to contribute to existing methods and to improve the contribution of such systems to voting systems. Electronic voting is compared with traditional voting systems from different angles, such as convenience, reducing the margin of error, and getting quick results.

Election commissions may face various problems during the election. The most common problems are improper approval regarding voting, duplication, or illegal voting. Secure authentication is very important to ensure that the eligible voter actually casts the vote. As an example, regarding the vote duplication problem, Mahiuddin recommended a biometric iris recognition control system integrated into the voting system to avoid duplication [28]. Rana et al. and Olaniyi et al. advised fingerprint scans for the same purpose [29, 30].

Although electronic voting is an interesting topic, some researchers have published studies emphasizing that the shortcomings and risks of these systems need to be investigated comprehensively. Olumide et al. and Kohno et al. also emphasize these risks in their studies [31, 32]. For security reasons, different solutions are recommended as follows: biometric [28, 33, 34], fingerprint [29, 30], chip ID card (Near-Field Communication card) [35], and different encryption methods [17, 21, 36, 37]; these suggestions are still being examined by researchers.

Experts have been working on safe and effective e-voting proposals for more than three decades. In an early article published by Chaum [38] in 1981, an anonymous communication channel to encrypt the ballot was used for the first time. After that, various e-voting systems have been used in many countries since the 2000s. Various countries from each continent used e-voting in local and general elections. Some of these are as follows: USA (2000), India (2002), UK (2002), Estonia (2005), Canada (2006), and Norway (2011) [39-42].
E-voting refers to the end-to-end process of registration, voting, and counting on a digital election management platform. Electronic voting systems try to be as easy to use and secure as the ideal traditional choices and eliminate human error. Electronic voting systems can generally be divided into two categories [43]. Ballots can be used remotely, as well as through closed systems allocated in election offices. In poll site electronic voting, the voters still participate physically, but the ballots are discarded and counted electronically. In remote online voting, votes are used remotely, usually using a personal device over the Internet. Such alternative devices can be voting kiosks, computers, mobile devices, paper-based electronic systems, and even televisions [44].

Such applications and systems must be accepted by 
society. A practical secure e-voting plan should be structured 
to provide the following features: 


Eligibility: only registered and authorized voters can vote [45, 46]

Uniqueness: no one can vote again [46]

Noncoercibility: no one should be able to trace which candidate a person voted for [47]

Reliability: votes must be securely recorded even in case of system malfunctions [48]

Integrity: no one can change the votes [49]

Verifiability: make sure that the votes are counted correctly [9, 50, 51]


Electronic voting is mainly investigated for solving some of the problems identified in traditional voting systems. The earlier purpose of e-voting systems was to integrate electronic devices into the voting system. However, as a result of this integration, various difficulties were detected. Some research results indicated that serious critical weaknesses were still revealed in current e-voting systems. Various election officials see possibilities for internal or external attackers illegally affecting the election outcome [31]. Hassan and Wang identified a set of possible problems such as unauthorized privilege, seizure, wrong cryptography usage, vulnerabilities to network threats, and software development weaknesses in the systems they examined [50]. Küsters et al. studied several e-voting machines (ThreeBallot, Wombat voting, and Helios voting system) used in actual elections. The study showed that voting machines are vulnerable to attacks under the assumption of trust in authorities. They showed that the authorities could change the ballot papers in an unnoticeable way and thus manipulate the election without being detected [52].

Halderman and Teague conducted a detailed security analysis of the iVote system used in the elections in New South Wales, Australia, in 2015. As a result of their research, they reported that they detected vulnerabilities that could lead to manipulations or the capture of some private information [53]. In another review, Springall et al. examined in detail the security of the Estonian voting system. They showed how attackers could access election servers or voters' clients to alter election results or undermine the legitimacy of the system [54].


Estonia and the USA are two countries that have been using e-voting systems on a large scale. Estonia became the first country in the world to allow online voting in 2007. However, due to the infrastructure problems in this election system, it was determined that voters could cast more than one vote. It was also revealed that those who had access to the voting system could see partial results beforehand [54, 55]. Attacks by election insiders such as poll workers and local election officials are real and imminent threats to electoral integrity [56].

Recently, blockchain technology with distributed architecture features has been proposed for e-voting systems, generally for its benefits in terms of end-to-end verifiability [57]. Like other researchers, Wei and Chang [58] point out that the blockchain can be used in electronic voting systems. Tas and Tanrıöver systematically examined the blockchain voting systems claimed by many schema authors in their study in August 2020. They found that e-voting was still far from being a safe real-life application [42].

A voting systems threat analysis was conducted by the Brennan Center task force on the security of electronic voting systems used in the American elections. This study examined different scenarios, mainly the insertion of corrupt software, wireless and other remote control attacks, attacks on tally servers, shutting off of the voting system, denial-of-service attacks, and attacks on the ballot. The results of the study demonstrated that it may be possible to alter the ballot so that the votes shown for one candidate are recorded and counted for another [59].

Another study by Lewis et al. showed that the system developed for Swiss elections had a trap door. The study showed that malicious managers or individuals can manipulate votes. It was stated that even if this breach was closed, it was not known whether other hidden ones were there for such manipulations [60].

In another important scheme, the Prêt à Voter voting scheme [61], security weaknesses have also been detected as a result of tests carried out by independent parties. There is a tradeoff between voting system transparency and the potential for a hacker, an organization, or the government to determine exactly how each voter has voted [62]. The Swiss Post conducted a public test of the e-voting system they developed in 2019. The analysts identified weaknesses [63] that could allow an attacker to change or place votes and produce a result that would not match the actual voters. These results showed that the system needs to be reverified [60, 64]. Ethical hackers even organize a contest at the DefCon conference about how fast voting machines used in America can be hacked, rather than whether they can be hacked [65].

Although various blockchain-based e-voting systems were proposed during the last 5 years, most of the papers only highlight the general and positive characteristics of these systems [42, 66, 67]. As examples, the studies in [11, 13, 68] describe their design of a blockchain-based election system. However, most of these studies do not propose a complete design of a voting system. In addition, the weaknesses in blockchain systems recently appeared in some studies [69, 70]. These challenges are stated as scalability, privacy leak, Man-in-the-Middle attack, and Distributed Denial of Service (DDoS) attack [70]. On the other hand, online voting poses numerous risks to the security of the ballots used as well as to the integrity of the general election system. Moreover, adopting features like blockchain and encryption does not solve many of the underlying security risks inherent in online voting [71]. For this reason, it is important not only to keep the ballots safe but also to prevent them from being used by malicious users.

To summarize, most traditional e-voting systems require a central and reliable third party for their processes. This makes that party critically important in the storage and counting of votes. Blockchain is recommended for its decentralized features and for increasing security. Despite getting lots of attention, the online voting system is still not widely used. The most important problems in the voting system remain the reliability of the system in storing and counting the votes and the voters' assurance that there will be no manipulation.


3. Blockchain Terms and Concepts 


In this section, we give a brief introduction to blockchain-related terminology and its basic concepts. The blockchain concept appeared in 2009 when "Satoshi Nakamoto" combined blockchain infrastructure with various rules and created the first cryptocurrency, a form of digital money that relied on cryptography for its security [72]. A block can be defined as a data structure that is added as a chain structure in a distributed way [73]. Blockchain can be seen as a distributed ledger of recorded transactions. The validity of transactions is established through a consensus mechanism, and transactions are recorded into blocks in a chain. Decentralization means that there is no central computing device for storing sent transactions [74]. Each blockchain node stores its copy and contains a reference to the previous block hash (Figure 1).

After the rising popularity of Bitcoin, blockchain technology gained popularity in numerous sectors. In a broader sense, the blockchain mechanism consists of a decentralized shared database that provides a secure, immutable, and auditable list of records. It enables anonymous parties to keep and organize their databases altogether in a completely decentralized manner and without the need to establish a centralized administration that implements a common central control [76]. The blockchain provides a permanent record of transactions on a network. Unlike a traditional database, the system copies the chain of records that occur and then allows each participant on the network to view all transactions.

The applications of blockchain range from the Internet of things applications [77] to secure digital rights management [78], pharmaceuticals [79], financial transactions, and trade and commerce [80]. Blockchain development infrastructures are also constantly evolving; however, examples that are widely used are Bitcoin [72], Ethereum [81], Hyperledger, and R3 Corda.

The blockchain infrastructure consists of six layers. From bottom to top, the layer structure is composed of data, network, consensus, incentive, smart contract, and application layer [25, 27, 82, 83] (Table 1).

The function of the data layer is to store the data in the 
block. A hash function is applied to produce a fixed-length 
output of variable size data. Being an irreversible one-way 
function, the processed data cannot be obtained back from 
the calculated hash value. Thus, a timestamp and a hash 
function are used for the integrity of the blockchain. 

The network layer of the blockchain works on a peer-to-peer (P2P) network structure. Peer-to-peer implementations are generally managed by distributed architectures that divide tasks between peers without a reliable authority [84]. This is used as a network program protocol to communicate, process, and duplicate blockchain between two or more machines. Each node on the network is responsible for its resources, and it serves as both a server and a client.

The consensus layer manages the distributed consensus mechanism that governs the order of blocks. The purpose of the incentive layer is to provide definite incentives to get nodes to participate in the security verification of the blockchain. In the contract layer, transactions are initiated according to the rules with the help of smart contracts [27, 83].


3.1. Hash Function. A hash function is an operation that uses mathematical functions to create a unique value of a fixed length from data of various lengths. It is a one-way function, and the original data cannot be obtained from the resulting summary value. In the hash process, the same value is generated for the same data, but when there is the slightest change, the value created by the hash function also changes.


3.2. Encryption Methods. Ensuring the confidentiality and 
integrity of data is an important issue. In this paper, the 
symmetric and asymmetric encryption fundamentals are 
used to ensure the confidentiality and integrity of data. 


Symmetric Encryption. The same key is used in symmetric encryption and decryption steps. AES, DES, 3DES, and RC4 are the main symmetric encryption methods. The encryption key is public, as the decryption key remains private [24]. Symmetric encryption algorithms are much faster and require less computational power, but their main weakness is key sharing. Since the same key is used to encrypt and decrypt information, this key must be shared with anyone who needs access to the data. This naturally creates security risks.


Asymmetric Encryption Schemes. In asymmetric encryption, different keys are used for encryption and decryption. These keys are referred to as public and private keys. The public key is used for encryption and authentication, while the private key is used for decryption and signing. Asymmetric encryption systems are very slow compared to symmetric systems and require more computational power due to much longer keys.

[Diagram labels: Block n, Block n + 1 header; each block: hash of previous block, transaction data.]


TABLE 1: Blockchain layer architecture [25, 59, 80].

Layer       Properties
Data        Data + encryption + timestamp
Network     P2P network verification
Consensus   Consensus mechanism
Incentive   Smart contract programmed rules


3.3. Digital Signatures. A digital signature is a cryptographic 
mechanism used to verify the accuracy and integrity of 
digital data. The process essentially consists of hashing a 
message along with the signer’s private key. The recipient of 
the message can then check whether the signature is valid 
using the public key provided by the signer [64]. 


3.4. Smart Contract. In 1994, the term smart contract was introduced by Nick Szabo, a cryptographer and a computer scientist [85]. According to Szabo's concept, contracts can be converted into computer code, stored and copied to the system, and controlled by a computer network that runs the blockchain. Smart contracts refer to the writing of a contract in lines of code, and the transactions are executed according to the terms of these contracts, which are executed on the blockchain [86]. When the contracts are loaded on nodes, they interact with other components on the blockchain based on rules. Smart contracts are designed to perform reliable transactions without the need for a central authority or an external application mechanism. Blockchain-based smart contracts are becoming increasingly popular and have been exploited by numerous industries [87].


3.5. Consensus Mechanisms. Consensus is the establishment of a decision based on general acceptance, reached by taking a certain number of steps within the framework of certain rules among a group of people. Proof of Work (PoW), Proof of Stake (PoS), Byzantine Fault Tolerance (BFT), and Delegated Proof of Stake (DPoS) are common consensus mechanisms [88].


Proof of Work (PoW). The most widely used consensus mechanism is Proof of Work (PoW). PoW requires a complex problem-solving process. Miners perform complex calculations to reach a hash value with predetermined properties in the PoW protocol. The first miner reaching the specified hash value is entitled to add a new block to the chain. The relevant block is added to the blockchain after the hash value is published to other nodes and the hash value is verified by all nodes. Then, the integrity of the chain is ensured by adding the new block to all miners. At the end of this process, the miner who publishes the block is rewarded [89].

Figure 1: Blockchain data structure [75].


Proof of Stake (PoS). Proof of Stake (PoS) or virtual mining protocol [15] establishes alternative selection tools that aim to keep PoW's benefits while improving on its weaknesses [90]. PoS is an energy-saving compromise protocol alternative to the PoW protocol. The use of PoS started to increase due to the advantage of reducing power consumption and scalability. Miners in the PoS protocol have to prove the ownership of a coin amount (value). In this protocol, people with more assets are more likely to be selected for verification [91].


Delegated Proof of Stake (DPoS). Delegated Proof of Stake is similar to PoS, but nodes in the network select delegates for block creation and validation, and block validation can be done very quickly with a small number of elected delegates. This makes blocks using DPoS faster than PoW or PoS blocks but also less secure. This is because only a small group of people decide the validity of transactions for the entire network, which makes this mechanism more centralized. Delegates can form cartels or start working together in secret, threatening trust in the entire network [92].


Byzantine Fault Tolerance (BFT). It is the consensus protocol 
that can still coordinate and come to a consensus despite 
some difference between the nodes [93]. 


4. System Description and Analysis 


In theory, the decentralization principle of blockchain technology can increase the integrity of elections and their controllability by different entities. The blockchain-based voting design relies on recording each data entry in the ledger across multiple nodes for constant proof of each ballot paper. For our implementation, we have decided to use a private network and use the Ethereum blockchain API. The reason for this decision is that Ethereum is a widely recognized and proven-secure infrastructure for blockchain applications. On the other hand, as smart contracts are visible and transparent to all voting participants, they are not suitable for storing sensitive data. That is why homomorphic encryption is preferred in our system due to its privacy features. The homomorphism feature allows one to operate on the ciphertexts without decrypting them. For a voting system, this property allows the encrypted ballots to be counted by any third party without leaking any information on the ballot [85, 94].

To protect the sensitive voting data, the aim was to fragment the data and keep it distributed. Secret sharing is a technique for securely distributing fragments of important information across distributed networks. For this reason, the Shamir Secret Sharing method is applied as the second layer of security [95].
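
The second layer described above, as an added example that is not code from the paper: a threshold Shamir split of each ballot ciphertext across the nodes, and the reconstruction performed in the counting phase. The field prime, the node numbering, the function names and the sample ciphertext values are assumptions made for the illustration.

```python
import secrets

# Field modulus: the Mersenne prime 2**127 - 1. It must exceed every value that
# is shared; it is an assumption sized for the constructed ciphertexts below.
PRIME = 2**127 - 1

# Constructed integers standing in for first-layer (homomorphically encrypted) ballots.
SAMPLE_CIPHERTEXTS = [0x1F3A9C5507D2E48B61, 0x0B77E2109AC4D3F0E5, 0x2C90AA13F6E7015D42]


def split_ballot(ciphertext, threshold, nodes):
    """Return {node_id: share}; any `threshold` shares recover the ciphertext."""
    if not 0 <= ciphertext < PRIME:
        raise ValueError("ciphertext must be smaller than the field modulus")
    if not 2 <= threshold <= nodes < PRIME:
        raise ValueError("need 2 <= threshold <= nodes")
    # Random polynomial of degree threshold - 1 with the ciphertext as constant term.
    coeffs = [ciphertext] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = {}
    for node_id in range(1, nodes + 1):      # x = 0 is reserved for the secret
        y = 0
        for c in reversed(coeffs):           # Horner evaluation mod PRIME
            y = (y * node_id + c) % PRIME
        shares[node_id] = y
    return shares


def combine_shares(shares):
    """Lagrange interpolation at x = 0 over the supplied {node_id: share} mapping."""
    secret = 0
    for xi, yi in shares.items():
        num, den = 1, 1
        for xj in shares:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def count_phase(ledger, online_nodes, threshold):
    """Rebuild every ballot ciphertext, refusing to run below the threshold."""
    present = sorted(set(online_nodes))
    if len(present) < threshold:
        raise PermissionError("not enough nodes present to reconstruct ballots")
    chosen = present[:threshold]
    return [combine_shares({n: ballot[n] for n in chosen}) for ballot in ledger]


def demo(threshold=3, nodes=5):
    # Each ledger entry holds the per-node shares of one ballot.
    ledger = [split_ballot(c, threshold, nodes) for c in SAMPLE_CIPHERTEXTS]
    recovered = count_phase(ledger, online_nodes=[5, 2, 4], threshold=threshold)
    # Two nodes alone interpolate a line through a quadratic: an unrelated value.
    partial = combine_shares({n: ledger[0][n] for n in (1, 2)})
    return recovered, partial


if __name__ == "__main__":
    recovered, partial = demo()
    print("recovered == originals:", recovered == SAMPLE_CIPHERTEXTS)
    print("two-node guess matches:", partial == SAMPLE_CIPHERTEXTS[0])
```

A ciphertext at or above the field modulus would silently reconstruct to its residue, which is why `split_ballot` rejects it.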

The proposed system scheme and proposed algorithm 
can be viewed in Figure 2 and Algorithm 1. The system 
procedures that should be conducted at every stage are 
briefly as follows: 


Phase 1: ID Card Delivery. Fingerprint/biometric data loaded microchip ID card distribution (Figure 3).


Phase 2: Preregistration. The Central Authority provides a list that contains only the eligible voters who can vote. Generally, the list of voters is held by election administrators. The election manager updates the list of eligible voters before the election if needed (Figure 3).


Phase 3: Registration. Voters apply for voting services with an ID card containing fingerprint/biometric data. These data can be checked with the help of an independent special device. The voting service office manager checks the person's right to vote. If he/she is authorized, he/she is allowed to select an account in a closed envelope (Figure 3).


Phase 4: Voting. The voter selects candidates. The voter votes in any of the electronic cabinets with the help of the account information given to him/her in the envelope.


Phase 5: Transaction. At this stage, the vote is first encrypted with homomorphic encryption (Figure 4). It is then divided into pieces (Figure 5). Then, the transfer of transactions to all nodes is included in the system.


Phase 6: Counting. The authority and assigned nodes complete the process of combining the data for counting. Other nodes verify the results. They should achieve the same results.


The operations performed in the flowchart of the proposed system are shown in Figure 2. In the first phase, every citizen should be provided with a biometric ID card (Ci). All the necessary information is uploaded to these chip cards.

Election management authority is responsible for the 
election system requirements. System administrators and 
election authorities are to organize and control the voting 
process by initializing the system parameters and triggering 
different phases of an election. 

Election authority prepares voter list (Vi — Ci), and the 
system administrator defines the election (Eid), candidate
list (CLi), and registration office (RegOfficeID). 

Registration office authority guarantees the authorization for each voter (Vi). After the authentication is verified, the voter gets a token. This token can only be used once. After the candidate (CLi) selection, the encrypted vote transaction begins (Figures 4 and 5). Voters can submit their votes from multiple points applying the following:


Encrypted Cipher Ballot = SecretShareSlicer(HomomorphicEnc(CLi)). (1)


This ballot is being distributed to the whole blockchain 
nodes in the voting phase. If the following transaction data is 
valid, it is added to the blockchain (Figure 6). 


SendBallotTransaction(Token, CipherBallot, Eid, RegistrationOfficeID, timestamp, PubKey). (2)


We can summarize the vote encryption phase (Figures 4 
and 5); the important parameters of the applied methods are 
formally as follows (plaintext refers to vote information). 

Let p and q be random prime numbers, and then calculate

$$n = p \cdot q, \qquad \lambda(n) = \operatorname{lcm}(p - 1, q - 1), \tag{3}$$

(lcm: lowest common multiple).

If random prime numbers p and q have the same lengths, generator g = n + 1 can be chosen. If not, then choose random $g \in \mathbb{Z}^{*}_{n^{2}}$,

$$n \text{ and } g \ (\text{public}), \qquad p \text{ and } q \ (\text{private}), \tag{4}$$

where x expresses the decimal value of the selected candidate and y indicates the encrypted value corresponding to this value.

$$x \ (\text{plain text}), \qquad y \ (\text{cipher text}), \tag{5}$$

where r value is chosen to provide randomness.

$$r \ (\text{random number}), \quad 0 < r < n, \quad r \in \mathbb{Z}^{*}_{n} \tag{6}$$

Encryption: $y = \mathrm{Enc}(x, r) = g^{x} \cdot r^{n} \bmod n^{2}$.
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Ficure 2: Proposed blockchain voting model extended from [42]. 


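Table 2 illustrates a sample random encryption calculation.

$$\text{All Votes} := \prod \mathrm{Enc}(x, r) \bmod n^2,$$

$$x = \mathrm{Dec}(y) = \frac{L(y^{\lambda} \bmod n^2)}{L(g^{\lambda} \bmod n^2)} \bmod n, \tag{7}$$

$$L(u) = \frac{u - 1}{n},$$

$$L(y^{\lambda} \bmod n^2) = L_1,$$

$$L(g^{\lambda} \bmod n^2) = L_2.$$

Decryption: $x = \mathrm{Dec}(y) = L(y^{\lambda} \bmod n^2) / L(g^{\lambda} \bmod n^2) \bmod n = L_1 / L_2$.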

The table of encryption durations (Table 3) for each user 
was examined in practice tests, and it was found that 
computation ended within an average of 93 ms. 

After the conversion of the decrypted value to binary, we can find the counting result for each candidate.


Convert to Binary (x) = (Count A) (Count B) (Count C). (8)
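The following is an added example, not code from the paper: it runs the operations of equations (3) to (8) over the seven (x, r) rows of Table 2. The primes 17 and 19 are constructed toy values (the page does not give n), and the 2-bit counter width is an assumption taken from the 2^4, 2^2, 2^0 weights of Table 2; the last function shows what happens when one candidate's counter overflows.

```python
from math import gcd

def keygen(p, q):
    """Public (n, g) and private lambda for primes p, q of equal bit length."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)    # lambda(n) = lcm(p-1, q-1)
    return (n, n + 1), lam                           # g = n + 1

def L(u, n):
    return (u - 1) // n

def enc(pub, x, r):
    """y = g^x * r^n mod n^2, with 0 < r < n and gcd(r, n) = 1."""
    n, g = pub
    if not (0 < r < n and gcd(r, n) == 1):
        raise ValueError("r must lie in Z*_n")
    return pow(g, x, n * n) * pow(r, n, n * n) % (n * n)

def dec(pub, lam, y):
    """x = L(y^lam mod n^2) / L(g^lam mod n^2) mod n; the division is a modular inverse."""
    n, g = pub
    l1 = L(pow(y, lam, n * n), n)
    l2 = L(pow(g, lam, n * n), n)
    return l1 * pow(l2, -1, n) % n

def add_all(pub, ciphertexts):
    """Homomorphic addition: multiply the ciphertexts mod n^2."""
    n, _ = pub
    total = 1
    for y in ciphertexts:
        total = total * y % (n * n)
    return total

def decode_counts(x, candidates, bits):
    """Split the decrypted sum into one bits-wide counter per candidate, A first."""
    mask = (1 << bits) - 1
    return [(x >> (bits * i)) & mask for i in reversed(range(candidates))]

# Constructed toy key (n = 323); the (x, r) pairs are the seven rows of Table 2.
PUB, LAM = keygen(17, 19)
TABLE2 = [(16, 131), (4, 161), (1, 83), (16, 160), (4, 62), (16, 81), (1, 135)]

def count_table2():
    total = dec(PUB, LAM, add_all(PUB, [enc(PUB, x, r) for x, r in TABLE2]))
    return total, decode_counts(total, candidates=3, bits=2)

def count_four_votes_for_c():
    # Failure mode: four votes for C overflow a 2-bit counter into B's field.
    total = dec(PUB, LAM, add_all(PUB, [enc(PUB, 1, r) for r in (3, 5, 7, 11)]))
    return decode_counts(total, candidates=3, bits=2)
```

Each candidate's field has to be wide enough to hold the total number of voters, and the plaintext sum has to stay below n; otherwise counts carry into the neighbouring candidate's field.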
The anonymity and confidentiality of the votes used are ensured by homomorphic encryption. However, although the votes cast are encrypted and stored, there is a possibility that they can be counted at the nodes that store the data in

Input: Voter ID
Output: Sliced Encrypted Ballot
(1) Begin
(2) If Voter Id in Voter List Id then // check voter
(3)     Get the voter Token, set the password
(4) else not an eligible voter, exit
(5) if (voter Id in registered voter list) then // check registered voter
(6)     Check Token and Password
(7) else not registered voter, exit
(8) if not voted (token and password) then
(9)     choose Candidate ID
(10)    chipherData = HomomorphicEnc(Candidate ID) // data encryption
(11)    chiperBallot = SecretShareSlicer(chipherData) // data share
(12)    send chiperBallot to blockchain nodes
(13) else failed login, exit
(14) END


Algorithm 1: Voting algorithm.


Figure 3: Flowchart of ID card delivery and registration phase.


Figure 4: Encrypt ballot, homomorphic addition. [Diagram: Voter 1 (V1 = 10) and Voter 2 (V2 = 20) are each passed through homomorphic encryption to give ciphertexts C1 and C2; decryption of (C1 + C2) gives 30.]


the blockchain. For this reason, it is thought that the problem can be solved if this encrypted data can be distributed among the nodes and, after the election, a certain number of nodes can come together to form the original data. Private sharing is achieved through dividing the private information into smaller chunks or shares and then distributing those shares across the group or network. Instead of sending encrypted votes directly to the nodes, the data will be fragmented and sent to the nodes and stored. It is aimed to be reconstructed by gathering a certain number of

Figure 5: Encrypted data share diagram. [Diagram labels: Authority; Observer; shared data p1 to p4 with P = p1, p2, p3, p4; decryption of data P from (p1, p2, p3), (p1, p3, p4) or (p2, p3, p4).]

Figure 6: Flowchart of the voting phase.

Table 2: Vote and random encryption calculation.

| Vote | A (2^4) | B (2^2) | C (2^0) | x | Random number r | Enc: g^x · r^n mod n^2 (g = n + 1, n) |
|---|---|---|---|---|---|---|
| 1 | x |   |   | 16 | 131 | Enc (16, 131) |
| 2 |   | x |   | 4 | 161 | Enc (4, 161) |
| 3 |   |   | x | 1 | 83 | Enc (1, 83) |
| 4 | x |   |   | 16 | 160 | Enc (16, 160) |
| 5 |   | x |   | 4 | 62 | Enc (4, 62) |
| 6 | x |   |   | 16 | 81 | Enc (16, 81) |
| 7 |   |   | x | 1 | 135 | Enc (1, 135) |

Table 3: Encryption durations.

| Voters | Encryption duration (ms) |
|---|---|
| 1 | 94 |
| 2 | 89 |
| 3 | 91 |
| 4 | 87 |
| 5 | 90 |
| 6 | 93 |
| 7 | 107 |


nodes during the count. The structure created in this way 
will ensure that both redundancy and data integrity are met 
with certain criteria. 

As shown in Algorithm 2,

vote data is fragmented into 4 nodes, P (p1, p2, p3, p4) (Figure 5);

the number of nodes decided in the design comes together to ensure data integrity, P = decryption (p1, p2, p4);

the same number of different nodes comes together and verifies, P = decryption (p2, p3, p4).


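$$P = \text{random prime number}, \quad a_1 \text{ and } a_2 \text{ random numbers}, \quad S = \text{secret data},$$

$$p \in P: \; p > S, \; p > n,$$

$$a_i < p, \quad a_0 = S,$$

$$f(x) = a_0 + a_1 x + a_2 x^2 + \cdots + a_{k-1} x^{k-1}, \qquad a_0 = S. \tag{9}$$

N = 5 and k = 3 (5 nodes, at least 3-node threshold).

$$f(x) = a_0 + a_1 x + a_2 x^2. \tag{10}$$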


For 5 nodes, the data are split into 5 pieces. This data fragmentation process is distributed according to the entire number of nodes and provides cross-checking by combining random nodes to create and control them.


$$\begin{aligned}
D_0 &= (1, f(1) \bmod p) = (1, y_0),\\
D_1 &= (2, f(2) \bmod p) = (2, y_1),\\
D_2 &= (3, f(3) \bmod p) = (3, y_2),\\
D_3 &= (4, f(4) \bmod p) = (4, y_4),\\
D_4 &= (5, f(5) \bmod p) = (5, y_5).
\end{aligned} \tag{11}$$


Original data is obtained with at least 3 nodes randomly selected for recovery (Figure 7).

$$\begin{aligned}
(x_0, y_0) &= (1, y_0),\\
(x_1, y_1) &= (2, y_1),\\
(x_2, y_2) &= (4, y_2).
\end{aligned} \tag{12}$$

$$l_j(x) = \prod_{m \neq j} \frac{x - x_m}{x_j - x_m},$$

$$k = 3\ (0, 1, 2),\ j = 0,\ m \neq 0: \quad l_0(x) = \frac{(x - x_1)(x - x_2)}{(x_0 - x_1)(x_0 - x_2)},$$

$$k = 3\ (0, 1, 2),\ j = 1,\ m \neq 1: \quad l_1(x) = \frac{(x - x_0)(x - x_2)}{(x_1 - x_0)(x_1 - x_2)},$$

$$k = 3\ (0, 1, 2),\ j = 2,\ m \neq 2: \quad l_2(x) = \frac{(x - x_0)(x - x_1)}{(x_2 - x_0)(x_2 - x_1)},$$

$$F(x) = \sum_{j} y_j\, l_j(x). \tag{13}$$


Fragmented values from each node are used to recover 
the function. 


$$F(x) = y_0\, l_0(x) + y_1\, l_1(x) + y_2\, l_2(x). \tag{14}$$


Finally, the hidden data is obtained by reducing the function modulo p.


$$f(x) = a_2 x^2 + a_1 x + a_0 \pmod{p}. \tag{15}$$


Secret data $S = a_0$ can be obtained from Algorithm 3.

Nodes or observers can check the validity of all transactions, making sure the election as a whole is secure and the data is stored consistently. The data-sharing scheme prevents even an attacker with unlimited computing power from accessing the data alone. To obtain the data, the attacker must hold at least the minimum number of shares.
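The following is an added example, not code from the paper: it implements the N = 5, k = 3 sharing of equations (9) to (15), recovers the secret from nodes 1, 2 and 4 as in equation (12), and cross-checks several node subsets against each other. The prime 2^127 - 1, the sample secret in the usage and the function names are assumptions made for the example; the coefficients come from a CSPRNG and every division in the interpolation is a modular inverse.

```python
import secrets

P = 2**127 - 1  # constructed choice: a Mersenne prime larger than any secret shared here

def split(secret, n_nodes=5, k=3, p=P):
    """Shares D_i = (i, f(i) mod p) of a degree k-1 polynomial with f(0) = secret."""
    if not (0 <= secret < p and 2 <= k <= n_nodes < p):
        raise ValueError("need 0 <= secret < p and 2 <= k <= n_nodes < p")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]  # a_0 = S
    shares = []
    for x in range(1, n_nodes + 1):
        y = 0
        for a in reversed(coeffs):          # Horner evaluation of f(x) mod p
            y = (y * x + a) % p
        shares.append((x, y))
    return shares

def reconstruct(shares, p=P):
    """Lagrange interpolation evaluated at x = 0, entirely in arithmetic mod p."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for j, (xj, yj) in enumerate(shares):
        num, den = 1, 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = num * (-xm) % p       # (0 - x_m)
                den = den * (xj - xm) % p   # (x_j - x_m)
        secret = (secret + yj * num * pow(den, -1, p)) % p
    return secret

def cross_check(shares, subsets, p=P):
    """Recover from several node subsets (1-based node numbers); all must agree."""
    results = {reconstruct([shares[i - 1] for i in subset], p) for subset in subsets}
    if len(results) != 1:
        raise ValueError("subsets disagree: a share is corrupted or forged")
    return results.pop()
```

Interpolating over the rationals and reducing modulo p only at the end is not equivalent to this; and with fewer than k shares the interpolation returns a value unrelated to S, which is what the threshold property relies on.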

For secret share, the computation times with fixed 
thresholds (Figure 8) and with fixed nodes (Figure 9) were 
calculated. Threshold refers to the minimum number of 
nodes that need to come together when the value stored in 
fragmented nodes is to be recovered. It was determined that 
the increase in the number of nodes when the threshold 
remains constant causes an increase in the computation 
time, but the change is linear. However, when the number of 
nodes was fixed and when the threshold value was increased, 
it was determined that there were significant increases in the 
calculation time. 

This showed that using optimum nodes and thresholds in real system design will significantly reduce the voting processing time. In our experiments, 600 nodes and 300

N nodes, P random prime
Input: Secret data a_0 = S
Output: Shared data (x_i, y_i), i = 0, …, N−1
(1) (a_j), j = 1, …, N−1 ← Rand // calculation of function coefficients
(2) for i = 0 to N do // calculate function
(3)     f(x) = a_0 + a_1 x + a_2 x^2 + ⋯ + a_{N−1} x^{N−1}
(4) for j = 0 to N do // calculate slices
(5)     y_j ← f(j) mod P
(6) return (x_i, y_i), i = 0, …, N−1


Algorithm 2: Secret sharing algorithm.


Figure 7: Flowchart of vote counting phase.


N nodes, P prime number
Input: (x_i, y_i), i = 0, …, N−1
Output: Secret data S
(1) for j = 0 to k do // calculation of function coefficients from nodes
(2)     l_j(x) = (x − x_0)/(x_j − x_0) ⋯ (x − x_m)/(x_j − x_m), m ≠ j
(3) for j = 0 to N do // reconstruct function
(4)     f = y_0 l_0(x) + y_1 l_1(x) + y_2 l_2(x)
(5) S ← f mod P // calculate encrypted data
(6) return S


Algorithm 3: Secret reconstruction algorithm.


thresholds are considered in the acceptable range. Considering redundancy, security, and efficiency, the experimented values were acceptable, taking into account these three criteria. It was observed that when the threshold value was increased, the voting time increased logarithmically, and this negatively affected the election time. In addition, when a lower value is selected, the possibility of causing manipulation again arises. At this setting, it took about 7000 ms. ~ 1.17sec. (encryption + share + transaction = 93 + 1171 + 5774) for the ballot to be delivered to the blockchain network. However, this duration is expected to be higher in real-life elections, when more simultaneous nodes with high loads are needed; for example, more than 150 million Americans voted in the last USA presidential election held on November 3, 2020 [96].

The dependability problem that may arise in e-voting will be reduced by using a printout vote and putting it in a ballot box as in classical voting. In this way, a hybrid structure may be established with ballots stored for final control. In our case, the security of the voting system is ensured by combining the use of a fingerprint ID card in the voting protocol, the use of homomorphic encryption, and the distributed structure of data. This method can be integrated into any private blockchain system. The occurrence

Figure 8: Fixed threshold (50) share duration.

Figure 9: Fixed node (600) share duration.


of information leaks related to ballot information and election results and use of multiple votes can be prevented. An analysis of properties can be stated as follows:


Privacy: All voters are allowed to vote with a randomly 
generated account, while no password or username to 
connect with people is used. All votes cast start a 
transaction with homomorphic encryption first. In this 
way, the privacy of the voter is protected. 


Availability: Being in a distributed permission structure, the availability percentage of the system increases. Its closed structure provides resistance to attacks.


Eligibility: Since voters accepted by biometric data control are allowed to vote, only those who are authorized to vote are enabled to vote.


Uniqueness: Once registered for voting, the voter 
cannot vote again and can only vote once with his 
account. A smart contract does not normally allow such 
operations. 


Noncoercibility: Random key based encryption and distribution prevent tracking of votes with the combination of homomorphic encryption and secret share modeling. The user account to be used to vote is randomly created and is not tied to people and the vote cast.


Reliability: Keeping the votes cast in a distributed structure enables the system to work in any situation. No data is lost. The distributed nature of the system ensures higher durability against attacks when compared to single-point systems.


Integrity: Data stored on the blockchain is safe from 
tampering. Since the proposed system has a permission 
based blockchain structure and a framework with 
different nodes, the data in this system is secure. 


Verifiability: Firstly, in reaching the final results, the 
process is the aggregation of information of a certain 
number of nodes included in the consortium. Secondly, 
other nodes work on a consensus mechanism and 
hence cross-check and verify the results. Since the 
printed votes will be cast in the box in the election 
room, the net result can be calculated with the box 
count in case of need. 


Buying attack: It is recommended to use the voting 
process similar to the classical voting process by means 
of legal sanctions. In this way, people are not allowed to 
show whom they voted for. 


Replay attack, Sybil attack or Man-in-the-Middle attack: Although the system uses a permission based private network, there may be Man-in-the-Middle attacks, replay attacks, or Sybil attacks. In case of incidents related to imitation of voters or attempts to change the vote cast, the results may be verified by cross counting the votes in the election offices.


5. Conclusion 


Although electronic voting has been a topic of interest for many years, it is still not fully resolved. Online voting systems contain a security conflict such that it may be possible for authorities to conduct fraud or do manipulations which are difficult to detect by other participants.

In this work, a double-layer security model is proposed 
and tested to prevent manipulations that may occur during 
the elections and with the election results. It is ensured that 
the election results can be counted after the participation of 
all stakeholders. As a result of the model, the privacy of 
voters is ensured, no central authority is needed, and the 
recorded votes are kept in a distributed structure. In this 
way, potential manipulations may be prevented during the 
elections. 

Validation through simulation results showed that the 
voting and counting phases of the proposed system worked 
as intended. Ballots are encrypted with homomorphic 
encryption and then shared among nodes in the system. 
Only valid voter ballots are guaranteed to be recorded as 
transactions, which were mined into blocks. It was also 
tested that the system continues to work even if a node 
becomes inoperable. Furthermore, it is ensured that the 
election results are announced with all stakeholders 
without data loss. 

The most important limitation has been the difficulty of simulations with as many nodes as a real election system needs. In the future, it is aimed to simulate with a more realistic system, to operate the system from end to end, and to focus on optimizations for scalability of the system. Another item of future work is that, in the proposed system, the end of the election is assumed to depend on the system time. However, the system may be improved to increase the security of the time dimension.

In our opinion, transition to the e-voting method should proceed slowly by implementing in small pilot populations first and then widening the scope slowly. The implementation of such voting systems still poses many challenges and risks for developers and governments.